IRO-02
Incident Handling
Description
Mechanisms exist to cover: (1) Preparation; (2) Automated event detection or manual incident report intake; (3) Analysis; (4) Containment; (5) Eradication; and (6) Recovery.
Control Question
Does the organization cover: (1) Preparation; (2) Automated event detection or manual incident report intake; (3) Analysis; (4) Containment; (5) Eradication; and (6) Recovery?
Control Metadata
Domain:
Incident Response
Validation Cadence:
Annual
Evidence Request List:
E-IRO-03
Framework Mappings
This control maps to the following compliance frameworks
APRA CPS 230
32
APRA CPS234
2324
MAS TRM
7.7.3(a)7.7.3(b)7.7.3(c)
HKIA GL20
4.14.24.35.15.25.35.45.55.65.76.16.2